Exemplo n.º 1
    def test_sign_serial_increment(self):
        """Two consecutive signings from one CA carry serials 2 and then 3.

        An issuer must never reuse a serial number: the issuer/serial pair is
        what identifies a certificate, for instance in revocation data. This
        test pins the counter advancing by exactly one per signed request.
        """
        ezbakeca.EzbakeCA.setup(store=MemoryPersist())
        ca = ezbakeca.EzbakeCA()

        # (common name to request, serial the issued certificate must carry)
        # NOTE(review): the first issued serial is 2, presumably because the
        # CA's own certificate holds serial 1 -- confirm against EzbakeCA.
        expectations = (("App", 2), ("App2", 3))

        for common_name, expected_serial in expectations:
            # A fresh key pair per request, as a real applicant would use.
            key = ezbakeca.private_key()
            request = ezbakeca.csr(key,
                                   CN=common_name,
                                   O="Ezbake",
                                   OU="Ezbake Apps",
                                   C="US")
            issued = ca.sign_csr(request)
            # The CA must copy the requested subject through unchanged.
            nt.assert_equal(issued.get_subject(), request.get_subject())
            nt.assert_equal(issued.get_serial_number(), expected_serial)
Exemplo n.º 2
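 def test_get_named(self):
     """A saved CA loaded back by name matches the original in every field.

     Compares the name, private key, certificate and serial counter of the
     CA that was saved with the one returned by ``EzbakeCA.get_named``.
     """
     ca = ezbakeca.EzbakeCA("named")
     ca.save()
     ca2 = ezbakeca.EzbakeCA.get_named("named")
     nt.assert_equal(ca.name, ca2.name)
     # NOTE(review): the key surviving the round trip implies save() persists
     # the CA private key; how the backing store protects it is not visible
     # here -- confirm for any non-memory store.
     nt.assert_equal(ca.pkey_string(), ca2.pkey_string())
     nt.assert_equal(ca.cert_string(), ca2.cert_string())
     # assert_equal rather than the deprecated assert_equals alias, matching
     # the other assertions in this test.
     nt.assert_equal(ca.serial, ca2.serial)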
Exemplo n.º 3
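    def test_multithread(self):
        """Concurrent signing on one CA must never hand out a duplicate serial.

        Five pool tasks each sign five certificates through the same CA
        object. A race on the serial counter would show up as a repeated
        serial number, i.e. two certificates from one issuer that cannot be
        told apart by issuer/serial.
        """
        ca = ezbakeca.EzbakeCA("threadingCA")
        pool = multiprocessing.pool.ThreadPool(processes=5)
        try:
            pending = [pool.apply_async(issue_n_certs, (ca, range(5)))
                       for _ in range(5)]
            vals = []
            for result in pending:
                # get() blocks until the task is done and re-raises any
                # exception raised inside the worker.
                vals.extend(result.get())
        finally:
            # Release the worker threads even if a task or lookup failed.
            pool.close()
            pool.join()

        # 5 tasks x 5 certificates: a short list would mean a signing was
        # silently lost, which the uniqueness check alone cannot detect.
        nt.assert_equal(len(vals), 25)
        # Every serial is distinct when the sorted list equals its sorted set.
        nt.assert_equal(sorted(vals), sorted(set(vals)))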
Exemplo n.º 4
def issue_n_certs(ca, r):
    """Sign one certificate per item of *r* and return their serial numbers.

    *ca* is either a CA object or a string; a string is passed to
    ``ezbakeca.EzbakeCA`` to build the CA to sign with. Each item of *r* is
    used only to form the common name ``App<item>``. Serials are returned in
    signing order.
    """
    # `basestring` exists only on Python 2, so this helper is Python 2 code.
    signer = ezbakeca.EzbakeCA(ca) if isinstance(ca, basestring) else ca

    def _issue(index):
        # A fresh private key per request, then sign and report the serial.
        request = ezbakeca.csr(ezbakeca.private_key(),
                               CN="App{0}".format(index),
                               O="Ezbake",
                               OU="Ezbake Apps",
                               C="US")
        return signer.sign_csr(request).get_serial_number()

    return [_issue(index) for index in r]
Exemplo n.º 5
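    def setUp(self):
        """Start a CA server process and write the client's TLS material.

        Points the configuration at the test ZooKeeper, creates the
        ``tmpcerts`` directory tree, launches ``caservice.ca_server`` in a
        child process on localhost:5049, then writes the CA certificate, the
        client certificate and the client private key under
        ``tmpcerts/client``.
        """
        self.setup_zookeeper()
        zoo_host = ":".join(str(x) for x in self.client.hosts[0])

        ezConfig = EzConfiguration().getProperties()
        ezConfig[
            EzBakePropertyConstants.ZOOKEEPER_CONNECTION_STRING] = zoo_host
        ezConfig[caservice.EzCAHandler.CLIENT_CERTS] = "client"
        ezConfig[caservice.EzCAHandler.CLIENT_CERT_O] = "tmpcerts"

        # Make the directories for the certs. Each mkdir is guarded on its
        # own: with a single try block, an existing 'tmpcerts' raised EEXIST
        # on the first call and the two subdirectories were never created.
        for directory in ('tmpcerts', 'tmpcerts/server', 'tmpcerts/client'):
            try:
                os.mkdir(directory)
            except OSError as e:
                if e.errno != errno.EEXIST:
                    # Bare raise keeps the original traceback.
                    raise

        #caservice.setup_logging(True, ezConfig)
        # Start the server
        # NOTE(review): if ca_server applies verify_pattern as an unanchored
        # regex search on the peer name, "client" would also accept any name
        # that merely contains it -- confirm how the pattern is matched.
        self.serverProcess = Process(target=caservice.ca_server,
                                     args=(ezConfig, ),
                                     kwargs={
                                         'port': 5049,
                                         'host': 'localhost',
                                         'verify_pattern': r"client",
                                         "ssldir": "tmpcerts/server"
                                     })
        self.serverProcess.start()
        # Starting the server takes a while. A fixed sleep is a guess: a slow
        # host can still lose this race.
        time.sleep(5)

        # Write out the client certs
        ca.EzbakeCA.setup(FilePersist(caservice.EzCAHandler.TABLE_NAME))
        cert.Cert.setup(FilePersist(caservice.EzCAHandler.TABLE_NAME))
        try:
            ca_certs = ca.EzbakeCA.get_named("ezbakeca")
        except KeyError:
            # No stored CA under that name yet: create one and persist it.
            ca_certs = ca.EzbakeCA(name="ezbakeca")
            ca_certs.save()

        # NOTE(review): presumably the server created the "client" entry at
        # startup (CLIENT_CERTS is set to "client" above) -- confirm.
        client_certs = cert.Cert.get_named("client")
        with open(os.path.join("tmpcerts/client", "ezbakeca.crt"), 'w') as f:
            f.write(ca_certs.cert_string())
        with open(os.path.join("tmpcerts/client", "application.crt"),
                  'w') as f:
            f.write(client_certs.cert_string())

        # The private key is created owner-read/write only instead of with
        # the umask default, which is typically world-readable. The mode
        # applies only when the file is created; a file left over from an
        # earlier run keeps whatever permissions it already has.
        key_path = os.path.join("tmpcerts/client", "application.priv")
        key_fd = os.open(key_path,
                         os.O_WRONLY | os.O_CREAT | os.O_TRUNC,
                         0o600)
        with os.fdopen(key_fd, 'w') as f:
            f.write(client_certs.pkey_string())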
Exemplo n.º 6
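    def test_multithread(self):
        """Concurrent signing on one saved CA must never repeat a serial.

        The CA is saved first, then five pool tasks each sign five
        certificates through the same CA object. A race on the serial counter
        would surface as a repeated serial number.
        """
        ca = ezbakeca.EzbakeCA("threadingCA")
        ca.save()
        pool = multiprocessing.pool.ThreadPool(processes=5)
        try:
            pending = [pool.apply_async(issue_n_certs, (ca, range(5)))
                       for _ in range(5)]
            vals = []
            for result in pending:
                # get() blocks until the task is done and re-raises any
                # exception raised inside the worker.
                vals.extend(result.get())
        finally:
            # Release the worker threads even if a task or lookup failed.
            pool.close()
            pool.join()

        # save since the threads might still be writing the serial file
        ca.save()

        # 5 tasks x 5 certificates: a short list would mean a signing was
        # silently lost, which the uniqueness check alone cannot detect.
        nt.assert_equal(len(vals), 25)
        # Every serial is distinct when the sorted list equals its sorted set.
        nt.assert_equal(sorted(vals), sorted(set(vals)))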
Exemplo n.º 7
    def test_sign_csr(self):
        """Signing a CSR yields an X509 with the expected identity fields.

        Checks the type of the result, that the subject is copied from the
        request, that the issuer is the CA certificate's subject, and the
        serial and version values.
        """
        ca = ezbakeca.EzbakeCA()

        subject_fields = dict(CN="App", O="Ezbake", OU="Ezbake Apps", C="US")
        request = ezbakeca.csr(ezbakeca.private_key(), **subject_fields)
        signed = ca.sign_csr(request)

        nt.assert_is_instance(signed, crypto.X509)
        # Subject comes from the applicant, issuer from the CA: a mismatch
        # in either would break chain building for the issued certificate.
        nt.assert_equal(signed.get_subject(), request.get_subject())
        nt.assert_equal(signed.get_issuer(), ca.ca_cert.get_subject())
        nt.assert_equal(signed.get_serial_number(), 2)
        # The X.509 version field is zero-based, so 2 means a v3 certificate.
        nt.assert_equal(signed.get_version(), 2)
Exemplo n.º 8
    def test_create_ca(self):
        """The serial counter survives a save and reload of a named CA.

        A CA that restarted from a stale counter after a reload would reissue
        serial numbers it had already used, so the persisted value is checked
        after two signings.
        """
        original = ezbakeca.EzbakeCA("TestCA")

        # Two signings with identical subject fields but separate keys.
        for _ in range(2):
            request = ezbakeca.csr(ezbakeca.private_key(),
                                   CN="App",
                                   O="Ezbake",
                                   OU="Ezbake Apps",
                                   C="US")
            original.sign_csr(request)
        original.save()

        # Read the CA back from the persistence layer by name.
        ca = ezbakeca.EzbakeCA.get_named("TestCA")

        # After two signings the reloaded counter is expected to read 3.
        nt.assert_equal(3, ca.serial)